Commit c816d2a3 authored by Günter Hipler's avatar Günter Hipler
Browse files

Merge branch 'helm-charts' into 'master'

Replace k8s manifest with helm chart

See merge request !1
parents 43ac5273 1c4e94c6
Pipeline #31310 passed with stages
in 4 minutes and 48 seconds
# Set up Play for HTTPS and locked down allowed hosts.
# Nothing in here is required for REST, but it's a good default.
play {
http {
cookies.strict = true
session.secure = true
session.httpOnly = true
flash.secure = true
flash.httpOnly = true
forwarded.trustedProxies = ["::1", "127.0.0.1"]
}
i18n {
langCookieSecure = true
langCookieHttpOnly = true
}
filters {
csrf {
cookie.secure = true
}
hosts {
# A list of valid hosts (e.g. "example.com") or suffixes of valid hosts (e.g. ".example.com")
# Note that ".example.com" will match example.com and any subdomain of example.com, with or without a trailing dot.
# "." matches all domains, and "" matches an empty or nonexistent host.
allowed = ["192.168.99.100", "localhost", ".k8s.unibas.ch", "127.0.0.1", ".memobase.ch"]
routeModifiers {
# If non empty, then requests will be checked if the route does not have this modifier. This is how we enable the
# anyhost modifier, but you may choose to use a different modifier (such as "api") if you plan to check the
# modifier in your code for other purposes.
whiteList = ["anyhost"]
# If non empty, then requests will be checked if the route contains this modifier
# The black list is used only if the white list is empty
blackList = []
}
}
}
}
\ No newline at end of file
registry: "cr.gitlab.switch.ch"
image: "memoriav/memobase-2020/services/externalapis/oai"
tag: placeholder
k8sName: oai
k8sNamespace: memobase
k8sGroupId: api
k8sGroupName: api
k8sEnvironment: placeholder
k8sReplicas: placeholder
k8sRequestsCpu: placeholder
k8sRequestsMemory: placeholder
k8sLimitsCpu: placeholder
k8sLimitsMemory: placeholder
k8sHost: placeholder
k8sPort: placeholder
elasticHostConfigs: placeholder
elasticIndexConfigs: placeholder
responseListlength: placeholder
resumptionTokenTtl: placeholder
oaiConfPath: "/app/conf/oaiconfigmap"
secoreConfPath: "/app/conf/secureconfigmap"
\ No newline at end of file
#!/usr/bin/env bash
cd ../conf
kubectl create cm configmap-oai-definitions --from-file ./oai.conf
kubectl create cm configmap-oai-secure --from-file ./secure.conf
\ No newline at end of file
#!/usr/bin/env bash
kubectl delete cm configmap-oai-definitions
kubectl delete cm configmap-oai-secure
\ No newline at end of file
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: memobase
name: oai-deployment
labels:
app: oai-api
spec:
selector:
matchLabels:
app: oai-api
replicas: 1
template:
metadata:
labels:
app: oai-api
tier: web
spec:
#serviceAccountName: oai-service-account #to be able to manage other pods inside the cluster
containers:
- name: oai-api-prod-container
#image: cr.gitlab.switch.ch/memoriav/memobase-2020/services/externalapis/oai:latest
image: guenterh/oaimemobase:latest
ports:
- containerPort: 9000
name: http
protocol: TCP
imagePullPolicy: Always
volumeMounts:
- mountPath: /app/conf/oaiconfigmap
name: oaiconf
- mountPath: /app/conf/secureconfigmap
name: secureconf
env:
- name: RESPONSE_LISTLENGTH
value: "30"
- name: RESUMPTION_TOKEN_TTL
value: "3"
- name: ELASTICSEARCH_INDEX
value: oai-v9
- name: ELASTICSEARCH_HOSTS
value: mb-es1.memobase.unibas.ch
- name: ELASTICSEARCH_PORT
value: "8080"
- name: ELASTICSEARCH_CLUSTER
value: test-memobase-search-cluster
volumes:
- name: oaiconf
configMap:
name: configmap-oai-definitions
items:
- key: oai.conf
path: oai.conf
- name: secureconf
configMap:
name: configmap-oai-secure
items:
- key: secure.conf
path: secure.conf
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
namespace: memobase
name: oai-ingress-oai.memobase.ch
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- oai.memobase.ch
secretName: api.memobase.oai.memobase.ch-tls
rules:
- host: oai.memobase.ch
http:
paths:
- path: /
backend:
serviceName: oai-service
servicePort: 9000
apiVersion: v1
kind: Service
metadata:
namespace: memobase
name: oai-service
labels:
app: oai-api
spec:
ports:
- port: 9000
selector:
app: oai-api
tier: web
clusterIP: None
\ No newline at end of file
apiVersion: apps/v1
kind: Deployment
metadata:
#namespace: memobase
name: oai-deployment
labels:
app: oai-api
spec:
selector:
matchLabels:
app: oai-api
replicas: 1
template:
metadata:
labels:
app: oai-api
tier: web
spec:
#serviceAccountName: oai-service-account #to be able to manage other pods inside the cluster
containers:
- name: oai-api-prod-container
#image: cr.gitlab.switch.ch/memoriav/memobase-2020/services/externalapis/oai:latest
image: guenterh/oaimemobase:latest
terminationMessagePolicy: FallbackToLogsOnError
ports:
- containerPort: 9000
name: http
protocol: TCP
imagePullPolicy: Always
volumeMounts:
- mountPath: /app/conf/oaiconfigmap
name: oaiconf
- mountPath: /app/conf/secureconfigmap
name: secureconf
env:
- name: RESPONSE_LISTLENGTH
value: "30"
- name: RESUMPTION_TOKEN_TTL
value: "3"
- name: ELASTICSEARCH_INDEX
value: oai-v2
- name: ELASTICSEARCH_HOSTS
value: 192.168.1.116
- name: ELASTICSEARCH_PORT
value: "8080"
- name: ELASTICSEARCH_CLUSTER
value: test-memobase-search-cluster
volumes:
- name: oaiconf
configMap:
name: configmap-oai-definitions
items:
- key: oai.conf
path: oai.conf
- name: secureconf
configMap:
name: configmap-oai-secure
items:
- key: secure.conf
path: secure.conf
apiVersion: v1
kind: Service
metadata:
#namespace: memobase
name: oai-service
labels:
app: oai-api
spec:
type: NodePort
ports:
- port: 9000
nodePort: 30001
selector:
app: oai-api
tier: web
#clusterIP: None
\ No newline at end of file
RESPONSE_LISTLENGTH=30 RESPONSE_LISTLENGTH=30
RESUMPTION_TOKEN_TTL=3 RESUMPTION_TOKEN_TTL=3
ELASTICSEARCH_INDEX=oai-v2 ELASTIC_INDEX=oai-v2
ELASTICSEARCH_HOSTS=localhost ELASTIC_HOST=localhost
ELASTICSEARCH_PORT=8080 ELASTIC_PORT=8080
ELASTICSEARCH_CLUSTER=test-memobase-search-cluster ELASTIC_CLUSTERNAME=test-memobase-search-cluster
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment